honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser

Posted on: Thursday, June 10, 2004

Internet scams hit Hawai'i

 •  Prevent Internet identity theft

By Deborah Adamson
Advertiser Staff Writer

Hawai'i is getting hit by Internet scams involving bogus e-mails that until now have been mostly seen in the Mainland.

Since the beginning of the year, dozens of people have reported receiving e-mails purportedly from major corporations asking for personal information such as credit card, bank account or Social Security numbers, according to the Better Business Bureau of Hawaii.

Called "phishing," this type of scam uses e-mails to fish for information from Internet users.

Nationally, phishing attacks grew by 4,000 percent in the past six months, according to the Anti-Phishing Working Group, an industry consortium in Redwood City, Calif.

In Hawai'i, the number is rising as well.

"It has started to pop up," said Detective Letha DeCaires, coordinator of the Honolulu Police Department's CrimeStoppers unit. "Phishing is new here." There are no local statistics yet since most of the attacks have been fairly recent.

In this type of scam, Internet users receive e-mail that looks like official correspondence from a company. Citing reasons such as account verification, the e-mails ask the recipients to click a link to a bogus Web page and enter sensitive financial information. The information is then used for fraudulent activity, such as making online purchases with stolen credit card numbers.

About 5 percent of consumers who get these e-mails respond, the Anti-Phishing group said. Bogus Web pages can easily fool consumers because they often look like the real sites, even down to copying the logos exactly and mimicking real Web addresses, said Dan Maier, a spokesman for the anti-phishing group.

Maier said the financial services industry is the most targeted by phishers, with Citibank, a unit of the world's financial services firm Citigroup, often topping the list. Other companies often targeted include eBay, PayPal, AOL, Microsoft and various large banks.

The term phishing was coined in the mid-1990s by computer hackers who were targeting America Online accounts and stealing passwords from AOL customers. "Ph" is a common hacker replacement for "f," and is a nod to the original form of hacking known as "phreaking."

One phish e-mail purported to be from eBay says: "During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. As a result, your access to bid or buy on eBay has been restricted. To start using your eBay account fully, please update and verify your information by clicking below."

The link sends the user to a fake eBay Web page that asks for the user ID, password, full name, date of birth, Social Security number, credit or debit card number, expiration date and the three-digit code on the back of the card — originally designed to thwart online fraud.

The fake Web page also includes the line, "your information is kept safe and private," with a graphic of a lock next to it.

But consumers should be wary of responding to such e-mail since legitimate companies don't ask for financial information in this manner, Maier said.

"You never click on a link," DeCaires said. "Type in the URL (Web address) yourself."

You may wish to contact the company by phone to verify the correspondence, Maier said.

When legitimate companies send e-mails they normally personalize them, while scammers generally can't do it because they send mass mailings, Maier said. For instance, legitimate e-mails usually include a person's first and last names, while bogus one's might have just a first initial followed by the last name.

One person who's received several phish e-mail messages in recent months is Stuart Yamane of Kane'ohe.

He said the messages looked official and the linked Web page appeared authentic in many cases, even matching the logo and corporate colors.

But Yamane said he hasn't fallen prey to the scams because his natural hesitancy to give out personal information and his concerns about potential identity theft. While the experience has made him more careful about doing business online, it's not going to put a damper on his Internet use.

"The World Wide Web is part of our lives," Yamane said. "Living in Hawai'i, (going online is) one of the most efficient ways to do shopping."

Reach Deborah Adamson at dadamson@honoluluadvertiser.com or 525-8088.

• • •

Prevent Internet identity theft:

  • Don't provide credit card numbers by e-mail; legitimate companies never ask for that information by e-mail, even for verification.
  • Online bank accounts should be reviewed monthly.
  • Never click on a link from an unsolicited e-mail.

More anti-phishing tips:

  • Make sure to update your browser's security patches. If you use Microsoft's Internet Explorer, go to www.microsoft.com/security/.
  • Earthlink offers a free browser that alerts the user when a Web page is on its list of known phisher sites. Download at www.earthlink.net/earthlinktoolbar. You don't have to subscribe to Earthlink to use it.
  • Report any suspicious e-mail. Forward the e-mail to The Federal Trade Commission at uce@ftc.gov and the Anti-Phishing group at reportphishing@antiphishing.com.
  • File a complaint on the Web site of the FBI's Internet Fraud Complaint Center at www.ifccfbi.gov. In Hawai'i, call CrimeStoppers at 955-8300, the state Department of Commerce and Consumer Affairs at 587-3222 or the Better Business Bureau of Hawaii at 536-6956.
  • If you think your personal information has been stolen, contact your credit card company and other affected businesses. Report it to the three major credit reporting agencies: Experian (888) EXPERIAN; Equifax (800) 525-6285; and TransUnion (800) 680-7289 and ask them to place a fraud alert and a victim's statement in your file. Contact the Social Security Administration's Fraud Hotline at (800) 269-0271.